CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•4 views

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

8.8CVSS6.1AI score0.0063EPSS

Patchstack•added 2026/05/28 2:2 p.m.•7 views

WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...

Exploits0Affected Software1

NVD•added 2026/05/27 11:16 a.m.•9 views

CVE-2026-42738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS0.00036EPSS

ATTACKERKB•added 2026/05/27 9:49 a.m.•4 views

CVE-2026-42745

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

CVE•added 2026/05/27 9:49 a.m.•11 views

CVE-2026-42746

CVE-2026-42746 concerns the WordPress Clover plugin “clover-online-orders” (Smart Online Order for Clover) with versions up to 1.6.0. The vulnerability is described as an Insertion of Sensitive Information Into Sent Data, allowing retrieval of embedded sensitive data. The provided documents indic...

7.3CVSS5.8AI score0.00049EPSS

EUVD•added 2026/05/27 9:49 a.m.•5 views

EUVD-2026-32194

Cvelist•added 2026/05/27 9:49 a.m.•26 views

CVE-2026-42746 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS0.00049EPSS

CVE•added 2026/05/27 9:49 a.m.•10 views

CVE-2026-42738

The CVE-2026-42738 entry concerns the WordPress Clover-based plugin Smart Online Order for Clover (clover-online-orders), affected versions up to and including 1.6.0. A stored XSS flaw arises from improper neutralization of input during web page generation, enabling malicious input to be stored a...

7.1CVSS5.8AI score0.00036EPSS

ATTACKERKB•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42738

7.1CVSS5.8AI score0.00036EPSS

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin Smart Online Order for Clover 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43654

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-43650

7.1CVSS5.8AI score0.00036EPSS

CNNVD•added 2026/05/27 12:0 a.m.•3 views

WordPress plugin Smart Online Order for Clover 安全漏洞

7.3CVSS5.8AI score0.00049EPSS

Patchstack•added 2026/05/26 5:42 a.m.•6 views

WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Modernee versions = 1.6.0...

5.8AI score

Exploits0Affected Software1

OSV•added 2026/05/18 1:55 p.m.•3 views

CLEANSTART-2026-LZ60917 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, ghsa-8r3f-844c-mc37 applied in versions: 1.6.0-r0, 1.6.0-r1

Multiple security vulnerabilities affect the kafkaexporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.2AI score0.00045EPSS

Exploits2References28

OSV•added 2026/05/18 1:22 p.m.•6 views

CLEANSTART-2026-TZ10716 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289 applied in versions: 1.6.0-r0

Multiple security vulnerabilities affect the cni-plugin-flannel package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.00045EPSS

Exploits4References45

CNNVD•added 2026/05/17 12:0 a.m.•5 views

CAAL 代码问题漏洞

CAAL is a self-hosted voice assistant developed by CoreWorxLab, ensuring data and keys are secure. Versions of CAAL 1.6.0 and earlier contain code vulnerabilities. These vulnerabilities stem from unknown functions in the src/caal/webhooks.py file within the test-hass endpoint, which involve...

7.5CVSS7.2AI score0.0005EPSS